Cybersecurity News
Plex Media servers are being abused for DDoS attacks
Cyber-security firm Netscout warns of new DDoS attack vector.
05 February 2021
Google's Payout to Bug Hunters Hits New High
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
04 February 2021
IBM Offers $3M in Grants to Defend Schools from Cyberattacks
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
04 February 2021
Google patches an actively exploited Chrome zero-day
Google Chrome 88.0.4324.150 released with a fix. Users advised to update.
04 February 2021
Microsoft Says It's Time to Attack Your Machine-Learning Models
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
04 February 2021
Android Devices Prone to Botnet’s DDoS Onslaught
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
04 February 2021
Web Application Attacks Grow Reliant on Automated Tools
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
04 February 2021
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
As many as 100,000 of the music streaming service's customers could face account takeover.
04 February 2021
Nespresso Smart Cards Brewed with Weak Security
A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee.
04 February 2021
Google: Better patching could have prevented 1 in 4 zero‑days last year
Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google.
The post Google: Better patching could have prevented 1 in 4 zero‑days last year appeared first on WeLiveSecurity
04 February 2021
Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts
Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
04 February 2021
Google paid $6.7 million to bug bounty hunters in 2020
Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.
04 February 2021
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
04 February 2021
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
04 February 2021
Is $50,000 for a Vulnerability Too Much?
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
04 February 2021
Blockchain transactions confirm murky and interconnected ransomware scene
Criminal gangs often use multiple ransomware strains and jump ship from one RaaS (Ransomware-as-a-Service) to another, seeking better deals.
04 February 2021
Discord servers targeted in cryptocurrency exchange scam wave
Free Bitcoin? Don’t believe it.
04 February 2021
Security firm Stormshield discloses data breach, theft of source code
Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
04 February 2021
Cisco’s AppDynamics debuts app performance, vulnerability management software
Cisco says that clients will no longer have to “sacrifice security for velocity.”
04 February 2021
Clearview Facial-Recognition Technology Ruled Illegal in Canada
The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.
04 February 2021